From f39fa2fee948590ac4c895c1339f41eac9ebd575 Mon Sep 17 00:00:00 2001 From: George Hartzell Date: Thu, 21 Sep 2017 06:22:09 -0700 Subject: Use trusted/historic site for texlive installer (#5347) * Make texlive untrusted TeXLive updates their installer without changing its name. We've been playing keep-up with them, but I'm proposing it's not worth it. I seem to end up installing it '--no-checksum' anyway. This commit updates the package to make that approach official, removing the checksum, adding a note to the description and a bigger note/comment inthe package body. * Pull installer from stable source (packages are still *live*) This pulls the installer script from the "historic" repository. It appears to be stable, so that we can use a checksum with it (one hopes, time will tell). The installer still pulls the packages from the live repos so installations aren't reproducible. --- var/spack/repos/builtin/packages/texlive/package.py | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'var') diff --git a/var/spack/repos/builtin/packages/texlive/package.py b/var/spack/repos/builtin/packages/texlive/package.py index 33ff76f6a8..85f8d904de 100644 --- a/var/spack/repos/builtin/packages/texlive/package.py +++ b/var/spack/repos/builtin/packages/texlive/package.py @@ -28,21 +28,24 @@ import os class Texlive(Package): """TeX Live is a free software distribution for the TeX typesetting - system""" + system. Heads up, it's is not a reproducible installation.""" homepage = "http://www.tug.org/texlive" - # Pull from specific site because the texlive mirrors do not all - # update in synchrony. + # Install from specific site because the texlive mirrors do not + # all update in synchrony. # # BEWARE: TexLive updates their installs frequently (probably why # they call it *Live*...). There is no good way to provide a - # repeatable install of the package. We try to keep up with the - # digest values, but don't be surprised if this package is - # briefly unbuildable. + # repeatable install of the package. # - version('live', '8925a175d2b69f5328003893b284a008', - url="http://ctan.math.utah.edu/ctan/tex-archive/systems/texlive/tlnet/install-tl-unx.tar.gz") + # We're now pulling the installation bits from tug.org's repo of + # historic bits. This means that the checksum for the installer + # itself is stable. Don't let that fool you though, it's still + # installing TeX **LIVE** from e.g. ctan.math.... below, which is + # not reproducible. + version('live', '8f8fc301514c08a89a2e97197369c648', + url='ftp://tug.org/historic/systems/texlive/2017/install-tl-unx.tar.gz') # There does not seem to be a complete list of schemes. # Examples include: -- cgit v1.2.3-70-g09d2